Télécharger
Transcription
Télécharger
LCAP — Règles relatives à l’installation et à l’utilisation de programmes d’ordinateur (En anglais seulement) Effective January 15, 2015, Canada’s anti-spam law (commonly known as “CASL”) will impose onerous restrictions and requirements for the commercial installation and use of computer programs on another person’s computer system. The rules apply to almost any computer program (not just malware/spyware/harmful programs) installed on almost any computing device (including mobile phones) as part of a commercial activity (regardless of expectation of profit). The rules have potentially serious implications for Canadian businesses that distribute computer programs and for foreign businesses that distribute computer programs to computer systems located in Canada. Unfortunately, the rules are challenging to interpret and apply, and regulators have provided limited guidance. Summary Of CASL Rules Following is a summary of some key elements of CASL’s rules for the installation and use of computer programs. General Prohibition: CASL provides that, subject to important but limited exceptions, a person must not, in the course of a commercial activity, either install or cause to be installed a computer program on any other person’s computer system, or cause an electronic message to be sent from any other person’s computer system on which the person installed, or caused to be installed, a computer program, unless the person has obtained the express consent of the owner or an authorized user of the computer system. CASL also prohibits aiding, inducing, procuring or causing to be procured a violation of the rules regarding the installation and use of computer programs. Broad Definitions: CASL broadly defines “computer program” (data representing instructions or statements that, when executed in a computer system, causes the computer system to perform a function), “computer system” (one or more devices that contain computer programs or other data and perform logic and control functions pursuant to computer programs), “commercial activity” (any transaction, act or conduct of a commercial character, regardless of expectation of profit) and “electronic message” (a message sent by any means of telecommunication). CASL’s rules are not limited to malware/spyware or other kinds of fraudulent or harmful computer programs. Geographic Scope: CASL’s rules apply if the computer system is located in Canada at the relevant time, or if the person installing or directing the installation or use of the computer program is in Canada at the relevant time. Express Consent: CASL requires express consent to the installation of a computer program on another person’s computer system or the sending of messages from another person’s computer system. Subject to limited exceptions, implied consent is not sufficient. Regulatory guidance explains that CASL requires that express consent be obtained through an opt-in mechanism. Accordingly, an individual must take a positive action to indicate express consent; silence or inaction cannot be construed as providing express consent. Calgary | Montréal | Ottawa | Toronto | Vancouver Avocats | Agents de brevets et de marques de commerce | S.E.N.C.R.L., S.R.L. (« BLG »). Tous droits réservés blg.com Request for Consent - Standard Computer Programs: CASL requires that a request for express consent must clearly and simply: (1) set out the purpose for which the consent is sought; (2) describe, in general terms, the function and purpose of the computer program that is to be installed if consent is given; and (3) specify prescribed information regarding the identity and contact details of the person seeking consent and any other person on whose behalf the consent is sought. A request for consent must also contain a statement indicating that the person whose consent is sought can withdraw their consent. Consent for Updates/Upgrades: CASL’s rules apply to the installation of updates and upgrades to a computer program. However, a person does not have to obtain an additional express consent for a non-invasive update or upgrade to a computer program if: (1) the computer program was installed with express consent in accordance with CASL; (2) the person who gave the consent is entitled to receive the update/ upgrade under the terms of the express consent; and (3) the update/upgrade is installed in accordance with those terms. Regulatory guidance confirms that consent to the installation of future updates/upgrades to a computer program may be obtained at the same time that consent is obtained for the original installation of the computer program. CASL provides a time-limited transition provision for updates/upgrades - a person’s consent to the installation of an update/upgrade to a computer program that was installed on the person’s computer system before January 15, 2015, is implied until the person gives notice that the person no longer consents to the installation of updates/upgrades or until January 15, 2018. Deemed Consent for Certain Programs: CASL provides that a person is considered to expressly consent to the installation of certain kinds of computer programs (e.g. a cookie, HTML code, Java Scripts, an operating system or a program that is necessary to correct a failure in the operation of a computer system or program and is installed for that sole purpose) if the person’s conduct is such that it is reasonable to believe that the person consents to the program’s installation. Regulatory guidance indicates that certain kinds of cookies might not be considered to be a computer program for the purposes of CASL. Request for Consent - Invasive Computer Programs: CASL imposes additional requirements for valid consent to the installation of a computer program that performs certain specified invasive functions (e.g. collecting personal information stored on the computer system or causing the computer system to communicate with another computer system or device without the authorization of the owner or an authorized user of the computer system) that a person knows and intends will cause a computer system to operate in a manner that is contrary to the reasonable expectations of the owner or authorized user of the computer system. A request for consent to the installation of an invasive computer program must be separate and apart from a license agreement and must include additional, separate disclosures of prescribed information about the computer program’s invasive functions. A valid consent to the installation of an invasive computer program must be confirmed in writing (paper or electronic forms that satisfy specified requirements) with express acknowledgement of the program’s invasive functions. In addition, a person who obtains express consent to the installation of an invasive computer program must, for a period of one year after the computer program is installed, provide a procedure for removing or disabling Calgary | Montréal | Ottawa | Toronto | Vancouver Avocats | Agents de brevets et de marques de commerce | S.E.N.C.R.L., S.R.L. (« BLG »). Tous droits réservés blg.com the computer program if the consent was based on an inaccurate description of the material elements of the computer program. Separate/Discrete Consent: Regulatory guidance explains that a consent to the installation or use of a computer program on another person’s computer system must be specific and separate from consents to other kinds of CASLregulated conduct (e.g. the sending of commercial electronic messages), and must not be subsumed in, or bundled with, requests for consent to the general terms and conditions of use or sale. Burden of Proof: CASL provides that a person who alleges they have consent to the installation or use of a computer program on another person’s computer system has the onus of proving the consent. Extended Liability: CASL provides that employers are liable for a contravention of CASL’s rules for the installation and use of computer programs committed by their employees and agents within the scope of their employment or authority, and corporate directors and officers are personally liable if they direct, authorize or assent to, or acquiesce or participate in, a contravention of CASL’s rules for the installation and use of computer programs committed by their corporation. Employers, directors and officers can avoid liability if they establish that they exercised “due diligence” to prevent the contravention. Penalties for Non-Compliance: Failure to comply with CASL’s rules for the installation and use of computer programs can result in significant administrative monetary penalties (up to $10,000,000 for organizations and $1,000,000 for individuals). In addition, beginning in July 2017 a private right of action will allow persons affected by a contravention of CASL’s rules for the installation and use of computer programs to commence enforcement proceedings and recover compensatory damages and statutory penalties (a maximum of $1,000,000 for each day on which a contravention occurred). Interpretation And Application CASL’s rules for the installation and use of computer programs are challenging to interpret because CASL uses broad and ambiguous terminology (e.g. “install or cause to be installed”, “cause an electronic message to be sent”, “update or upgrade” and “operating system”). As a result, the scope and application of the rules are uncertain. By way of example only: Online Software Distribution: Do the rules apply when software is downloaded and installed using an automated online process (e.g. online stores for mobile device apps) that is initiated by the computer system user? If so, who is responsible for CASL compliance - the software vendor/ distributor, the app store operator or both of them? Automated Messages: Do the rules apply to the transmission of data (e.g. diagnostic data or queries for software updates) that is sent automatically by a computer program without human intervention? Updates: Do the rules apply to minor bug fixes or to updates to ancillary databases? Firmware: Is firmware a computer program or part of an operating system that is exempted from the rules? Calgary | Montréal | Ottawa | Toronto | Vancouver Avocats | Agents de brevets et de marques de commerce | S.E.N.C.R.L., S.R.L. (« BLG »). Tous droits réservés blg.com CASL’s rules for the installation and use of computer programs are challenging to apply because in many situations it is either difficult or impossible for a software vendor/distributor to request and obtain the express consent required by CASL. For example, popular software distribution websites (including online stores for mobile device apps) currently do not have processes to request, obtain and record express consents for the downloading and installation of each program. As another example, many devices that qualify as a computer system do not have the user interfaces necessary to request, obtain and record express consents to the installation of updates/upgrades to firmware on the device or the automated sending of electronic messages from the device. Industry Canada and the CRTC have issued limited guidance that does not address some of the most challenging aspects of CASL’s rules for the installation and use of computer programs. The CRTC has indicated that additional guidance will be provided in the future. Comment CASL’s rules for the installation and use of computer programs come into force on January 15, 2015. In the absence of additional regulations or regulatory guidance, businesses that directly or indirectly distribute computer software (including mobile apps distributed through app stores and automated firmware updates) or receive messages from installed software (including diagnostic data and automated update queries) should now be considering the impact of CASL’s rules on their business activities and planning for compliance with those rules. Calgary | Montréal | Ottawa | Toronto | Vancouver Avocats | Agents de brevets et de marques de commerce | S.E.N.C.R.L., S.R.L. (« BLG »). Tous droits réservés blg.com BUREAUX BLG Calgary Montréal Ottawa Centennial Place, East Tower 1900, 520 - 3rd Avenue S.W. Calgary, Alberta, Canada T2P 0R3 1000, rue De La Gauchetière Ouest Bureau 900 Montréal, Québec, Canada H3B 5H4 World Exchange Plaza 100, rue Queen Ottawa, Ontario, Canada K1P 1J9 T T 403.232.9500 F F 403.266.1395 T 514-954-2555 F 514-879-9015 T 613.237.5160 F 613.230.8842 Toronto Vancouver Scotia Plaza 40 King Street West Toronto, Ontario, Canada M5H 3Y4 1200 Waterfront Centre 200, rue Burrard Vancouver, Colombie-Britannique, Canada V7X 1T2 T 416.367.6000 F 416.367.6749 T 604.687.5744 F 604.687.1415 Cette publication n’est ni un avis juridique, ni un énoncé complet de la législation pertinente, ni un avis sur un quelconque sujet. Personne ne devrait agir ni omettre d’agir sur la foi de celle-ci sans procéder à un examen approfondi du droit après avoir soupesé les faits d’une situation précise. Vous êtes prié(e) de consulter un conseiller juridique pour toute question ou préoccupation particulière. BLG ne garantit pas l’exactitude, la fiabilité ou l’exhaustivité de cette publication. Il est interdit de reproduire, même partiellement, cette publication sans l’autorisation écrite préalable de Borden Ladner Gervais s.e.n.c.r.l., s.r.l. (BLG). Si BLG vous a envoyé cette publication et que vous ne souhaitez plus la recevoir, vous pouvez demander à faire supprimer vos coordonnées de nos listes d’envoi en communiquant avec nous par téléphone au 1.877.BLG.LAW1 ou par courriel à [email protected]. On trouvera la politique de protection des renseignements personnels de BLG en ce qui a trait aux publications à l’adresse http://BLG.com/fr/AvisJuridique#ElectronicPrivacyPolicy_FR. © 2015 Borden Ladner Gervais s.e.n.c.r.l., s.r.l. Calgary | Montréal | Ottawa | Toronto | Vancouver Avocats | Agents de brevets et de marques de commerce | S.E.N.C.R.L., S.R.L. (« BLG »). Tous droits réservés blg.com